Securing Web Traffic
1Integrate is a web application that requires a user to log in (i.e. user credentials are sent over the network), so you should encrypt web traffic; otherwise these credentials could be at risk.
Configuring HTTPS
The following section details how to enable HTTP over TLS (HTTPS).
Requirements
To configure HTTPS you will need:
- A JKS or PKCS12 keystore, containing a private key for the server to use as its identity.
- The details of the key (alias and password) and the password for the keystore.
Configuration
- Move your chosen keystore into the SETTINGS directory.
- Add the following to the settings.properties file and set the required TLS settings:
tls.keystore.filename=
tls.keystore.password=
tls.keystore.type=
tls.key.alias=
tls.key.password=
http.enabled=
https.enabled=
jboss.bind.address=
- The next time 1Integrate starts, it will only listen on port 8443 over HTTPS. To change the secure port, add and set the HTTPS port:
TLS details
| Parameter | Value |
|---|---|
| tls.keystore.filename | The name of the keystore file (including the extension) you have placed in your SETTINGS directory. |
| tls.keystore.password | The password for the keystore you have placed in your SETTINGS directory. |
| tls.keystore.type | Your keystore type: PKCS12 or JKS. |
| tls.key.alias | The unique identifier for the key you will be using. |
| tls.key.password | The password for the key you will use in the keystore. |
| http.enabled | Set to false to disable the unsecure HTTP listener. |
| https.enabled | Set to true to enable the HTTPS listener. |
| jboss.bind.address | The address that 1Integrate should listen on. This should match the common name protected by your certificate. |
Cross Origin Resource Sharing
If you are going to access 1Integrate from a web-based application (e.g. business intelligence tooling), you will need to enable cross origin resource sharing (CORS).
Note: An origin refers to the location of the web-based application accessing 1Integrate. Examples of these and the format can be found below.
Enable CORS
This feature can be enabled by setting the following in the settings.properties file:
cors.enabled=true
cors.allowed.origins=[<scheme>://<hostname>:<port>]
Example: https://1spatial:[port]
The port directive is optional; if it is unspecified, the default will be requested (e.g. 443 for HTTPS).
Additional origins can be enabled by adding more in a comma separated list after the cors.allowed.origins= parameter.
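The following is an added example, not part of the 1Integrate documentation or product: a small check that reads the text of a settings.properties file and reports gaps in the HTTPS and CORS settings described above. It assumes simple key=value lines and a comma-separated origin list without brackets; the function names and the sample values are hypothetical.

```python
from urllib.parse import urlsplit

REQUIRED_TLS = ("tls.keystore.filename", "tls.keystore.password", "tls.keystore.type",
                "tls.key.alias", "tls.key.password", "jboss.bind.address")
# Constructed sample with placeholder values (not a real deployment).
SAMPLE = ("tls.keystore.filename=server.p12\ntls.keystore.password=PLACEHOLDER\n"
          "tls.keystore.type=PKCS12\ntls.key.alias=server\ntls.key.password=PLACEHOLDER\n"
          "http.enabled=true\nhttps.enabled=true\njboss.bind.address=integrate.example.com\n"
          "cors.enabled=true\ncors.allowed.origins=https://1spatial:8443,https://bi.example.com/\n")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if l and not l.startswith("#") and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def check_origin(origin):
    """Check one entry against <scheme>://<hostname>[:<port>]; browsers send no path in Origin."""
    try:
        parts = urlsplit(origin)
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return [f"CORS origin {origin!r}: malformed host or port"]
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return [f"CORS origin {origin!r}: expected <scheme>://<hostname>[:<port>]"]
    if parts.path or parts.query or parts.fragment:
        return [f"CORS origin {origin!r}: must not contain a path or query"]
    return []

def check_settings(text):
    """Return a list of findings; an empty list means every check passed."""
    props = parse_properties(text)
    findings = [f"{key} is missing or empty" for key in REQUIRED_TLS if not props.get(key)]
    ks_type = props.get("tls.keystore.type", "")
    if ks_type and ks_type.upper() not in ("PKCS12", "JKS"):
        findings.append("tls.keystore.type must be PKCS12 or JKS")
    if props.get("https.enabled", "").lower() != "true":
        findings.append("https.enabled is not set to true")
    if props.get("http.enabled", "").lower() != "false":
        findings.append("http.enabled is not set to false")
    if props.get("cors.enabled", "").lower() == "true":
        origins = [o.strip() for o in props.get("cors.allowed.origins", "").split(",") if o.strip()]
        if not origins:
            findings.append("cors.enabled=true but cors.allowed.origins is empty")
        for origin in origins:
            findings.extend(check_origin(origin))
    return findings

if __name__ == "__main__":
    print("\n".join(check_settings(SAMPLE)))
```

On the constructed sample it reports the HTTP listener setting and the origin with a trailing slash.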
Securing 1Integrate using an SSL enabled reverse proxy
If you are securing 1Integrate by using an SSL-enabled reverse proxy, then you have the following to consider, dependent on the application server you are using:
- The server hosting the 1Integrate interface will need to be configured to ensure that it knows it is running behind a proxy.
- The proxy server will also need to be configured to communicate specific headers to the 1Integrate server to confirm that the connection from the client to the proxy was secure.
Enable Proxy Use
1Integrate needs to be configured to know a proxy is in use:
- Open the settings.properties file.
- Enter:
reverse.proxy.enabled=true
Proxy Configuration
The headers you must set to tell the 1Integrate server that the connection is secure are:
- X-Forwarded-Proto: https
- X-Forwarded-SSL: on
Consult the documentation for your proxy server for details on how to implement the setting of these additional headers.


